Hi, Amy. The missing information now seems to be your Gateways. I will take these guesses: Based on my diagram The gateway for R1 is 10.0.0.1 The gateway for R2 is 200.0.0.1 This being the case, you will need to add a route to R1 telling it where to use 200.0.0.2 as the gateway going to the 100.0.0.0 segment. One thing I would also suggest is to use 2 segments that are not routable on the internet. Such as 172.16.0.0 subnet mask 255.255.0.0 and 172.17.0.0 subnet mask 255.255.0.0 instead of the 100.0.0.0 and 200.0.0.0 ranges. This will help with security, as those two networks can exist on the public side of your ISA box, and if a request comes from one of those networks, it is treated as if it came from the inside. HTH Kevin -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Thursday, March 07, 2002 4:34 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Add Internal DSL Network http://www.ISAserver.org Thanks Kevin. I haven't added the 200 network to the LAT. I will give that a try but I didn't think that the 200 part was getting out of the router. These are configured as routers and I'm not using NAT on them. Amy Babinchak Technology Consultant -----Original Message----- From: Kevin S. Malinowski [mailto:Kevin@xxxxxxxxxx] Sent: Thursday, March 07, 2002 4:32 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Add Internal DSL Network http://www.ISAserver.org Hi, Amy. A couple of things right off the top. Both the 200 segment and 100 segment need to be in the LAT on the ISA server, also you said that these are DSL routers are they running in the default NAT configuration or are they configured as routers? If they are configured as routers, they may also need routes added to their routing tables. Other than the LAT, I don't believe ISA is causing any issues. Kevin -----Original Message----- From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Thursday, March 07, 2002 8:45 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Add Internal DSL Network http://www.ISAserver.org Kevin, I added to your diagram below. The persistent route is route -p add 100.0.0.0 mask 255.255.255.0 10.0.0.20 metric 1. We only have one server. It's an MS Small Business Server 2000. I added the route to this server. The problem seems to be that Router #2 can't see any of the computers on the 10.0.0. network. Now that I'm starting to relook at this problem I'm now thinking that it is not an ISA problem but rather something amiss with the configuration of router #2. Thanks for the help, Amy Babinchak Technology Consultant -----Original Message----- From: Kevin S. Malinowski [mailto:Kevin@xxxxxxxxxx] Sent: Tuesday, March 05, 2002 7:46 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Add Internet DSL Network http://www.ISAserver.org Amy, Can you elaborate a little on the setup. For instance, The internal nic on the ISA server has an IP of 10.0.0.1 subnet mask is...? You have two routers, you only give one IP address per router, the picture is not complete. ---- ---- ---- | |10.0.0.1/24 | |200.0.0.1/c | |100.0.0.1/24 |ISA |---------------------| R1 |-------------------| R2 |------------ | | 10.0.0.20/24 | | 200.0.0.2/c | | ---- ---- ---- Also, what are the gateways you have assigned to each subnet and what is the persistent route you added to the server (and which server? The ISA server?). Kevin Malinowski -----Original Message----- From: Amy [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, March 05, 2002 11:47 AM To: [ISAserver.org Discussion List] Subject: [isalist] Add Internet DSL Network http://www.ISAserver.org I have installed Internal DSL routers in my network. The purpose of these routers is to extend our network beyond the 300 foot ethernet limit to reach the far ends of our facility. The internal network is 10.0.0.1 The near router is 10.0.0.20 The far router is 100.0.0.1 Each router can ping the other. The 10.0.0.20 router can ping the workstations on 100.0.0.1 and workstations can ping the 10.0.0.20 router. The problem is that the workstations on the 100.0.0. network can not ping any workstations on the 10.0.0. nor does the reverse work. I think that the ISA server is getting in the way. I did add a persistant route to the server for 100.0.0.0 and I added 100.0.0.0 to the LAT. What else do I need to do to allow the 100.0.0. workstations to comunicate on the network? thanks for the help. Amy ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: kevin@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.330 / Virus Database: 184 - Release Date: 2/28/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.330 / Virus Database: 184 - Release Date: 2/28/2002 ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: kevin@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.330 / Virus Database: 184 - Release Date: 2/28/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.330 / Virus Database: 184 - Release Date: 2/28/2002 ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: amy@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: kevin@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.330 / Virus Database: 184 - Release Date: 2/28/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.330 / Virus Database: 184 - Release Date: 2/28/2002